ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 13:21:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,501 Commits 5 Branches 63 Tags 14 MiB
fa116e983b
Commit Graph

46 Commits

Author SHA1 Message Date
Matt Johnston
fa116e983b Rename EPKA -> Plugin 2019-05-15 21:59:45 +08:00
fabriziobertocci
8c6aaf8d36 External Public-Key Authentication API (#72) 
* Implemented dynamic loading of an external plug-in shared library to delegate public key authentication

* Moved conditional compilation of the plugin infrastructure into the configure.ac script to be able to add -ldl to dropbear build only when the flag is enabled

* Added tags file to the ignore list

* Updated API to have the constructor to return function pointers in the pliugin instance. Added support for passing user name to the checkpubkey function. Added options to the session returned by the plugin and have dropbear to parse and process them

* Added -rdynamic to the linker flags when EPKA is enabled

* Changed the API to pass a previously created session to the checkPubKey function (created during preauth)

* Added documentation to the API

* Added parameter addrstring to plugin creation function

* Modified the API to retrieve the auth options. Instead of having them as field of the EPKASession struct, they are stored internally (plugin-dependent) in the plugin/session and retrieved through a pointer to a function (in the session)

* Changed option string to be a simple char * instead of unsigned char *
 2019-05-15 21:43:57 +08:00
Patrick Stewart
0af22aa8e4 Support servers without multiple user support (#76) 2019-03-20 22:44:49 +08:00
François Perrad
28b6111db0 use strlcpy & strlcat (#74) 
* refactor checkpubkeyperms() with safe BSD functions

fix gcc8 warnings
```
svr-authpubkey.c: In function 'checkpubkeyperms':
svr-authpubkey.c:427:2: warning: 'strncat' specified bound 5 equals source length [-Wstringop-overflow=]
  strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
svr-authpubkey.c:433:2: warning: 'strncat' specified bound 16 equals source length [-Wstringop-overflow=]
  strncat(filename, "/authorized_keys", 16);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

see https://www.sudo.ws/todd/papers/strlcpy.html

* restore strlcpy in xstrdup

see original https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/xmalloc.c?rev=1.16
 2019-03-20 22:09:19 +08:00
Matt Johnston
ad3eacf3d6 Merge bugfix delay invalid users 2018-08-23 23:43:45 +08:00
Matt Johnston
52adbb34c3 Wait to fail invalid usernames 2018-08-23 23:43:12 +08:00
Matt Johnston
27828c742c don't allow null characters in authorized_keys 2018-03-07 22:16:21 +08:00
Matt Johnston
e9edbe8bb2 avoid leak of pubkey_options 2018-03-06 22:18:20 +08:00
Matt Johnston
c658b275fd - #if not #ifdef for DROPBEAR_FUZZ 
- fix some unused variables

--HG--
branch : fuzz
 2018-02-28 21:40:08 +08:00
Matt Johnston
7e8094d53a merge from main 
--HG--
branch : fuzz
 2018-02-17 19:29:51 +08:00
Matt Johnston
e0748b1970 Remove accidentally committed DROPBEAR_FUZZ 2018-02-16 23:17:15 +08:00
Matt Johnston
e64e25e4d6 Merge pull request #49 from fperrad/20170812_lint 
Some linting, const parameters
 2018-01-25 21:55:25 +08:00
Matt Johnston
dd8988220e fix checkpubkey_line function name for TRACE 2017-10-04 22:30:18 +08:00
Matt Johnston
cc803ee802 fix pubkey authentication return value 2017-10-04 22:29:42 +08:00
Francois Perrad
89e64c631e Pointer parameter could be declared as pointing to const 2017-08-19 17:16:13 +02:00
Matt Johnston
72f85ad90f limit input size 2017-05-25 22:21:23 +08:00
Matt Johnston
fb4e07f7a8 don't exit encountering short lines 2017-05-25 00:10:18 +08:00
Matt Johnston
6e0b539e9c split out checkpubkey_line() separately 2017-05-23 22:29:21 +08:00
Matt Johnston
45b27b0194 merge 2017.75 2017-05-18 22:59:38 +08:00
Matt Johnston
93f3c31807 switch user when opening authorized_keys 2017-05-10 00:20:21 +08:00
Matt Johnston
32a28d0d9c Convert #ifdef to #if, other build changes 2016-05-04 15:33:40 +02:00
Francois Perrad
3e20c442de fix empty C prototypes 2016-03-16 22:41:20 +08:00
Matt Johnston
1a4db21fe4 buf_getstring and buf_putstring now use non-unsigned char* 2015-06-04 23:08:50 +08:00
Gaël PORTAY
5cf43d76bf Turn checkpubkey() and send_msg_userauth_pk_ok()'s algo argument into char * 2015-05-05 20:39:14 +02:00
Gaël PORTAY
224b16b247 Fix pointer differ in signess warnings [-Werror=pointer-sign] 2015-05-05 20:39:13 +02:00
Matt Johnston
f782cf375a Fix pubkey auth after change to reuse ses.readbuf as ses.payload 
(4d7b4c5526c5)

--HG--
branch : nocircbuffer
 2015-03-01 23:02:06 +08:00
Matt Johnston
b77864931b Don't exit fatally if authorized_keys has a line like 
command="something" ssh-rsa

--HG--
branch : ecc
 2013-11-12 23:58:51 +08:00
Matt Johnston
e60a84d0ed Various cleanups and fixes for warnings 
--HG--
branch : ecc
 2013-11-12 23:02:32 +08:00
Matt Johnston
c797c1750c - Fix various hardcoded uses of SHA1 
- rename curves to nistp256 etc
- fix svr-auth.c TRACE problem

--HG--
branch : ecc
 2013-04-08 00:10:57 +08:00
Matt Johnston
c6bdc810ab ecc kind of works, needs fixing/testing 
--HG--
branch : ecc
 2013-04-07 01:36:42 +08:00
Matt Johnston
38ed870ffe Improve capitalisation for all logged strings 
--HG--
extra : convert_revision : 997e53cec7a9efb7413ac6e17b6be60a5597bd2e
 2011-02-23 15:50:30 +00:00
Matt Johnston
31fa5e605b - Rework pubkey options to be more careful about buffer lengths. Needs review. 
--HG--
branch : pubkey-options
extra : convert_revision : 537a6ebebb46424b967ffe787f0f8560e5f447e8
 2008-09-12 17:23:56 +00:00
Matt Johnston
c0ce2a6a97 * Patch from Frédéric Moulins adding options to authorized_keys. 
Needs review.

--HG--
branch : pubkey-options
extra : convert_revision : 26872f944d79ddacff1070aab32115a6d726392c
 2008-09-08 15:14:02 +00:00
Matt Johnston
bb0548b3b0 Make a copy of passwd fields since getpwnam()'s retval isn't safe to keep 
--HG--
extra : convert_revision : 295b11312e327fe6c4f33512674ea4a1a9790344
 2008-01-13 03:55:59 +00:00
Matt Johnston
c077f22fb4 Improve known_hosts checking. 
--HG--
extra : convert_revision : b7933fa29cbedeb53b79a0b60aaa0f049e003cb2
 2007-02-22 15:29:32 +00:00
Matt Johnston
cb2cb15916 Log when pubkey auth fails because of bad pubkey perms/ownership 
--HG--
extra : convert_revision : 43e1a0c8365776577acd814d708027fcddcb02ef
 2005-09-20 08:59:46 +00:00
Matt Johnston
53681cbdb6 * use own assertions which should get logged properly 
--HG--
extra : convert_revision : 3dc365619f0840ab5781660b1257a9f22c05d3fe
 2005-09-05 15:16:10 +00:00
Matt Johnston
f45eafe342 * fix longstanding bug with connections being closed on failure to 
connect to auth socket (server)
* differentiate between get_byte and get_bool
* get rid of some // comments
* general tidying

--HG--
extra : convert_revision : fb8d188ce33b6b45804a5ce51b9f601f83bdf3d7
 2005-03-13 13:58:14 +00:00
Matt Johnston
8c1a429c44 Fixed DEBUG_TRACE macro so that we don't get semicolons left about the place 
--HG--
extra : convert_revision : d928bc851e32be7bd429bf7504b148c0e4bf7e2f
 2005-01-02 20:25:56 +00:00
Matt Johnston
9d43183704 Log the IP along with auth success/fail attempts 
--HG--
extra : convert_revision : 25eab43bd46e931fd4afecec49c22b9311062099
 2004-12-23 17:00:15 +00:00
Matt Johnston
8e1ec24f55 Merging in the changes from 0.41-0.43 main Dropbear tree 
--HG--
extra : convert_revision : 4c3428781bc8faf0fd7cadd7099fbd7f4ea386e7
 2004-08-12 16:41:58 +00:00
Matt Johnston
d7575f95f0 cleaning up the pubkey defines 
--HG--
extra : convert_revision : 149ce7a9a9cc5fe670994d6789b40be49895c595
 2004-08-12 14:56:22 +00:00
Matt Johnston
39dce00980 - Hostkey checking is mostly there, just aren't appending yet. 
- Rearranged various bits of the fingerprint/base64 type code, so it
  can be shared between versions

--HG--
extra : convert_revision : 6b8ab4ec5a6c99733fff584231b81ad9636ff15e
 2004-08-08 16:17:05 +00:00
Matt Johnston
7a854cb1f8 Improved signkey code 
--HG--
extra : convert_revision : fcf64cb4d2e273f80bf8c5f1d2dd00a0f4dc1acf
 2004-08-03 15:51:55 +00:00
Matt Johnston
a76b1ba068 Progressing client support 
--HG--
extra : convert_revision : 48946be1cef774d1c33b0f78689962b18720c627
 2004-07-27 16:30:46 +00:00
Matt Johnston
674a607488 Makefile.in contains updated files required 
--HG--
extra : convert_revision : cc8a8c49dc70e632c352853a39801089b08149be
 2004-06-01 02:46:09 +00:00